CVE-2024-3382
📋 TL;DR
A memory leak in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a burst of crafted packets through the firewall that eventually prevents it from processing traffic. Only PA-5400 Series firewalls running PAN-OS with SSL Forward Proxy enabled are affected. Successful exploitation leads to denial of service; no code execution or data disclosure is involved.
💻 Affected Systems
- Palo Alto Networks PA-5400 Series firewalls running an unfixed PAN-OS release with an active SSL Forward Proxy decryption rule (other models, and PA-5400 devices that do not use SSL Forward Proxy, are not affected)
📦 What is this software?
PAN-OS by Palo Alto Networks, the operating system that runs the company's next-generation firewalls, including the PA-5400 Series hardware appliances this issue concerns.
⚠️ Risk & Real-World Impact
Worst Case
Complete firewall outage causing network disruption and loss of security monitoring/protection for all traffic passing through the device.
Likely Case
The dataplane leaks memory under the crafted traffic until it can no longer forward packets, and all traffic through the device stops until the firewall is restarted. The realistic impact is an outage plus loss of inspection and logging; a security bypass only arises if the outage triggers a fail-open path such as a bypass switch or a route-around.
If Mitigated
Minimal impact once the fixed PAN-OS release is installed or SSL Forward Proxy is disabled on the affected devices. Network segmentation and resource monitoring shorten detection and recovery time but do not remove the leak.
🎯 Exploit Status
The attack only requires sending a burst of crafted packets through the firewall, which is network-reachable by design; no authentication or user interaction is needed. The vendor advisory linked below is the authoritative source for the current statement on known exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: See the vendor advisory for the first fixed release of each affected PAN-OS train. Hotfix releases (x.y.z-hN) count, so compare the full version string, not just the first three numbers.
Vendor Advisory: https://security.paloaltonetworks.com/CVE-2024-3382
Restart Required: Yes
Instructions:
1. Record the current release with: show system info | match sw-version
2. Download the fixed release (and any prerequisite base image) from the Palo Alto Networks support portal and install it; on an HA pair, upgrade the passive peer first.
3. Reboot the firewall to activate the new software.
4. Confirm the new version and that the SSL Forward Proxy decryption rules still decrypt traffic as expected.
🔧 Temporary Workarounds
Disable SSL Forward Proxy
Temporarily disable the vulnerable feature until the patch can be applied. SSL Forward Proxy is enabled through decryption rules rather than a device setting: under Policies > Decryption, disable (or change to No Decrypt) every rule whose type is SSL Forward Proxy, then commit. Traffic is still forwarded, but outbound TLS is no longer inspected, so expect a visibility gap for the duration.
Implement Rate Limiting
Reduce how fast an attacker can drive the leak. This slows memory exhaustion but does not stop it, so it only buys time. Apply Zone Protection (flood protection) and DoS Protection profiles on the zones covered by the decryption rules, which limit packet and new-session rates; QoS policies shape bandwidth and are the wrong tool here.
🧯 If You Can't Patch
- The crafted packets transit the firewall rather than targeting its management interface, so ordinary interface ACLs do not help; instead narrow the decryption rules so SSL Forward Proxy applies only to the zones, sources and destinations that genuinely need inspection
- Watch dataplane memory and process health closely (show system resources, show running resource-monitor) and alert on sustained growth, since a memory leak shows up as a steady climb rather than a spike
🔍 How to Verify
Check if Vulnerable:
The device is exposed only if all three hold: the model is in the PA-5400 Series, at least one enabled decryption rule is of type SSL Forward Proxy, and the running PAN-OS version is older than the first fixed release for its train per the vendor advisory.
Check Version:
show system info | match sw-version
show system info | match model
Verify Fix Applied:
Confirm that sw-version now reports a fixed release (including the hotfix suffix where the advisory specifies one) and that the SSL Forward Proxy decryption rules still decrypt traffic.
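As an added worked example (not from this page and not Palo Alto Networks code), the following Python script applies the three-part check above to the text of show system info and to a decryption-policy fragment of the running configuration. The sample outputs are constructed, the XML element path decryption/rules/entry/type/ssl-forward-proxy is an assumption to confirm against show config running on your own device, and the FIXED_VERSIONS table holds illustrative placeholder values that must be replaced with the releases named in the vendor advisory. The version parser understands PAN-OS hotfix suffixes (10.2.7-h2 sorts below 10.2.7-h3), which a plain string comparison gets wrong.

```python
"""Triage helper for CVE-2024-3382 exposure. Added example, not vendor code."""
import re
import xml.etree.ElementTree as ET

# Constructed, trimmed `show system info` output (not captured from a real device).
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
model: PA-5410
serial: 000000000000
sw-version: 10.2.7-h2
app-version: 8800-8530
"""

# Constructed decryption-policy fragment modelled on the running-config XML.
# ASSUMPTION: the path decryption/rules/entry/type/ssl-forward-proxy; confirm
# against `show config running` on your own firewall before relying on it.
SAMPLE_DECRYPTION_XML = """\
<decryption>
  <rules>
    <entry name="decrypt-outbound-web">
      <type><ssl-forward-proxy/></type>
      <action>decrypt</action>
    </entry>
    <entry name="old-inbound-rule">
      <type><ssl-inbound-inspection/></type>
      <action>decrypt</action>
      <disabled>yes</disabled>
    </entry>
  </rules>
</decryption>
"""

# First fixed release per (major, minor) train. ASSUMED placeholder values for
# illustration only: replace them with the versions in the vendor advisory.
FIXED_VERSIONS = {
    (10, 2): "10.2.7-h3",
    (11, 0): "11.0.4",
    (11, 1): "11.1.2",
}


def parse_version(text):
    """Turn '10.2.7-h3' into (10, 2, 7, 3); a release without a hotfix gets 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def parse_system_info(output):
    """Split 'key: value' lines of `show system info` into a dict."""
    info = {}
    for line in output.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            info[key.strip()] = value.strip()
    return info


def is_pa5400(model):
    """PA-5400 Series models are named PA-54xx (PA-5410, PA-5420, ...)."""
    return re.fullmatch(r"PA-54\d\d", model) is not None


def ssl_forward_proxy_enabled(xml_text):
    """True if at least one non-disabled decryption rule is SSL Forward Proxy."""
    root = ET.fromstring(xml_text)
    for entry in root.iterfind("./rules/entry"):
        if entry.find("./type/ssl-forward-proxy") is None:
            continue
        if entry.findtext("disabled", default="no").strip().lower() != "yes":
            return True
    return False


def version_is_fixed(sw_version, fixed_versions=FIXED_VERSIONS):
    """True/False against the train's fixed release; None if the train is unknown."""
    running = parse_version(sw_version)
    train = running[:2]
    if train not in fixed_versions:
        return None
    return running >= parse_version(fixed_versions[train])


def assess(system_info_output, decryption_xml, fixed_versions=FIXED_VERSIONS):
    """Combine model, feature and version checks into one verdict string."""
    info = parse_system_info(system_info_output)
    if not is_pa5400(info.get("model", "")):
        return "not-affected: not a PA-5400 Series model"
    if not ssl_forward_proxy_enabled(decryption_xml):
        return "not-exposed: no active SSL Forward Proxy decryption rule"
    fixed = version_is_fixed(info["sw-version"], fixed_versions)
    if fixed is None:
        return "unknown: release train not in fixed-version table, consult the advisory"
    return "fixed" if fixed else "VULNERABLE: upgrade or disable SSL Forward Proxy"


if __name__ == "__main__":
    print(assess(SAMPLE_SYSTEM_INFO, SAMPLE_DECRYPTION_XML))
```

Feed the real command output and the decryption section of the exported configuration into assess() instead of the constructed samples; the verdict for the sample above is VULNERABLE because the model is PA-5410, a forward-proxy rule is active, and 10.2.7-h2 precedes the placeholder fixed release 10.2.7-h3.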
📡 Detection & Monitoring
Log Indicators:
- High memory utilization alerts
- Firewall process crashes/restarts
- Traffic flow interruptions
Network Indicators:
- Unusual burst traffic patterns to firewall
- Increased packet drop rates
- SSL inspection failures
SIEM Query:
The field names below are placeholders; map them to the PAN-OS system-log fields your SIEM actually indexes, and alert on sustained memory growth over time rather than a single threshold crossing, since a leak climbs steadily before the dataplane fails.
source="pan-firewall" (memory_utilization>90 OR process="ssl-proxy" status="failed")